14 DAY TRIAL // The Australian division of Hewlett Packard issued a warning regarding the optional USB stick the company ships with its ProLiant servers. According to the company, the stick comes not only with drivers for the hardware components, but also with a free copy of malware-infected software.
The USB sticks come from a batch of 256 MB and 1 GB pen drives that have been infected with "Fakerecy" and "SillyFDC" viruses prior to their public distribution. Designed to carry the optional drives for floppy-disks, they arrived to the customers infected out-of-the-box. The company could not estimate how many of the shipped pen-drives carry the malware code.
Both "Fakerecy" and "SillyFDC" viruses are low-risk threats, but they use to duplicate themselves onto the removable media installed on the infected computer. Given their spreading method, the incident is believed to have occurred during the USB disc cloning process inside the factory, rather than to have been the result of a deliberate, malicious attack.
Still, the situation is not likely to bring damage to Hewlett-Packard's customers, for a number of reasons. First of all, installing a floppy disk is optional, and it's less likely that a significant percent of the USB stick owners have performed this task.
Moreover, the ProLiant servers usually meet a Linux-based operating system before getting into production, which eliminates the security threats caused by the two pieces of malware.
Last, but not least, the "Fakerecy" and "SillyFDC" viruses are extremely "dull" and could not lead neither to security breaches, nor to vital data getting into the wrong hands.
However, the situation is an eloquent example of how USB drives can become a vector for spreading infections, just like it happened earlier this year with the digital photo frames.